mike.redan at bell.ca wrote:
> Could you also send along how you are starting up racoon, and any error
> messages you are getting on the command line, and in the log files?
> (make sure you are starting with verbose/debug at full so you can see
> exactly what is going on)

Logs don't report any error at my laptop. On the firewall side, it displays errors about my not using the 192.168.2.1 IP.

---

> (some comments embedded)
>
>>> Would you be able to post your racoon configuration, maybe which version
>>> of ipsec-tools you are using, and maybe some error messages?
>>>
>>> It can be pretty easy to make little mistakes which will make this not
>>> work.
>>>
>>> Cheers,
>>> Mike
>>
>> 192.168.2.1 needs to be my virtual IP to connect to the internal customer
>> network. 172.25.50.28 is my laptop's IP that I use on my job's network.
>> I am using CentOS 5 and ipsec-tools version 0.6.5-8.el5. I have tried to
>> use the dummy driver to assign me the 192.168.2.1 virtual IP, without luck.
>>
>
> You can do something like:
> ifconfig eth0:0 add 192.168.2.1

Doesn't work ....

>
>> My racoon.conf:
>>
>> path certificate "/etc/racoon/certs";
>>
>> listen
>> {
>>     adminsock "/var/racoon/racoon.sock" "root" "nobody" 0660;
>> }
>>
>> remote 1.1.1.1
>> {
>>     exchange_mode main;
>
> If you are setup as a 'road warrior' then you would want exchange_mode
> aggressive; not main.

With aggressive mode, phase 1 doesn't work ...

>>     certificate_type x509 "user.pem" "user.key";
>>     verify_cert on;
>>     my_identifier asn1dn;
>>     peers_identifier fqdn "fwcust.domain.com";
>>     ca_type x509 "custca.pem";
>>     verify_identifier on;
>>     proposal_check obey;
>>     nat_traversal on;
>>     proposal {
>>         encryption_algorithm 3des;
>>         hash_algorithm sha1;
>>         authentication_method rsasig;
>>         dh_group 2;
>>     }
>> }
>>
>> sainfo address 192.168.2.1/32 any address 172.17.47.0/27 any
>> {
>>     pfs_group 2;
>>     lifetime time 12 hour;
>>     encryption_algorithm aes;
>>     authentication_algorithm hmac_sha256;
>>     compression_algorithm deflate;
>> }
>>
>> sainfo address 172.17.47.0/27 any address 192.168.2.1/32 any
>> {
>>     pfs_group 2;
>>     lifetime time 12 hour;
>>     encryption_algorithm aes;
>>     authentication_algorithm hmac_sha256;
>>     compression_algorithm deflate;
>> }
>>
>> sainfo address 172.25.50.28/32 any address 1.1.1.1/32 any
>> {
>>     pfs_group 2;
>>     lifetime time 12 hour;
>>     encryption_algorithm aes;
>>     authentication_algorithm hmac_sha256;
>>     compression_algorithm deflate ;
>> }
>>
>> sainfo address 1.1.1.1/32 any address 172.25.50.28/32 any
>> {
>>     pfs_group 2;
>>     lifetime time 12 hour;
>>     encryption_algorithm 3des;
>>     authentication_algorithm hmac_sha256;
>>     compression_algorithm deflate;
>> }
>>
>> --
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

-- 
CL Martinez
carlopmart {at} gmail {d0t} com
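The phase-2 (sainfo) blocks in a racoon.conf like the one posted above come in mirrored pairs, one per traffic direction, and the two halves of a pair must offer the same proposal or the peer will reject or silently downgrade one direction. The script below is an added example, not code from the thread or from the ipsec-tools project: it parses the sainfo blocks with a small hand-written parser that assumes the exact `sainfo address SRC any address DST any { ... }` layout used above, reports any block without a mirror, any mirrored parameter that differs, and any encryption algorithm on a hypothetical weak-cipher list. Run over the configuration quoted in the post, it flags that the 172.25.50.28/32 and 1.1.1.1/32 pair offers aes in one direction and 3des in the other.

```python
"""Lint the sainfo blocks of a racoon.conf for mismatched mirror entries and
weak ciphers.  Added example, not part of the original thread.  The parser is
minimal and assumes each block is written as
    sainfo address SRC any address DST any { key value; ... }
"""
import re

# Sample input: the sainfo section of the racoon.conf posted in the thread,
# copied as quoted there (remote/listen blocks are not needed for this check).
SAMPLE_CONF = """
sainfo address 192.168.2.1/32 any address 172.17.47.0/27 any
{
    pfs_group 2;
    lifetime time 12 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha256;
    compression_algorithm deflate;
}
sainfo address 172.17.47.0/27 any address 192.168.2.1/32 any
{
    pfs_group 2;
    lifetime time 12 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha256;
    compression_algorithm deflate;
}
sainfo address 172.25.50.28/32 any address 1.1.1.1/32 any
{
    pfs_group 2;
    lifetime time 12 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha256;
    compression_algorithm deflate ;
}
sainfo address 1.1.1.1/32 any address 172.25.50.28/32 any
{
    pfs_group 2;
    lifetime time 12 hour;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha256;
    compression_algorithm deflate;
}
"""

SAINFO_RE = re.compile(
    r"sainfo\s+address\s+(\S+)\s+\S+\s+address\s+(\S+)\s+\S+\s*\{([^}]*)\}")

# Hypothetical policy list: ciphers racoon still accepts but a new tunnel
# should not negotiate.
WEAK_ENCRYPTION = {"null_enc", "des", "3des", "blowfish", "cast128"}

# Phase-2 parameters that must agree between a sainfo and its mirror.
MIRRORED_KEYS = ("encryption_algorithm", "authentication_algorithm",
                 "pfs_group", "lifetime")


def parse_sainfo(text):
    """Return one {'src', 'dst', 'params'} dict per sainfo block, in file order."""
    blocks = []
    for src, dst, body in SAINFO_RE.findall(text):
        params = {}
        for stmt in body.split(";"):
            stmt = stmt.strip()
            if stmt:
                key, _, value = stmt.partition(" ")
                params[key] = value.strip()
        blocks.append({"src": src, "dst": dst, "params": params})
    return blocks


def lint_sainfo(blocks):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    by_pair = {(b["src"], b["dst"]): b for b in blocks}
    compared = set()
    for (src, dst), block in by_pair.items():
        label = f"{src} -> {dst}"
        mirror = by_pair.get((dst, src))
        if mirror is None:
            findings.append(f"{label}: no mirrored sainfo for the return direction")
        elif frozenset((src, dst)) not in compared:
            # Compare each pair once, from the side listed first in the file.
            compared.add(frozenset((src, dst)))
            for key in MIRRORED_KEYS:
                mine = block["params"].get(key)
                theirs = mirror["params"].get(key)
                if mine != theirs:
                    findings.append(
                        f"{label}: {key} '{mine}' differs from mirror '{theirs}'")
        enc = block["params"].get("encryption_algorithm")
        if enc in WEAK_ENCRYPTION:
            findings.append(f"{label}: weak encryption_algorithm '{enc}'")
    return findings


def check_conf(text):
    """Parse and lint a racoon.conf fragment in one call."""
    return lint_sainfo(parse_sainfo(text))


if __name__ == "__main__":
    for finding in check_conf(SAMPLE_CONF):
        print(finding)
```

The mirror check compares each pair once from whichever side appears first in the file, so a mismatch is reported a single time; the weak-cipher check runs per block so that both directions are named if both are weak. Feeding it the full racoon.conf instead of only the sainfo section works unchanged, since the regex ignores `remote` and `listen` blocks.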